Centralize To Survive
To counter spyware, spam, viruses, and unauthorized network intrusions, companies must consolidate and automate. Sounds simple, but many companies still are recent converts to those practices.

For HNTB Corp., a large architectural and engineering firm, moving to an antivirus product with a central console to manage and impose security policies and monitor employees' system usage has dramatically improved the company's security performance. "We haven't had a major outbreak since we put this in place" nine months ago, information manager Travis O'Dell says. In fact, there have been no outbreaks of any kind. Previously, the company saw two or three over the same time period.

Before centralization, computer users were responsible for updating their own security software. "Our biggest concern when users updated the security themselves was whether the [new software was] ever really getting loaded," O'Dell says. With McAfee Inc. antivirus software, HNTB sees any PCs that don't have the current software and can push it to those machines as needed. "We're updating clients, and it's safe," O'Dell says. "End users should just know that they're protected."

They do at the AAA Reading-Berks office in Pennsylvania. The auto club's IT director, Peter Wallace, attacks spyware and viruses--which often enter a network as spam--in the same manner, by letting automated tools spot and fix problems. When spyware entered the vernacular, Wallace drew on his experience dealing with viruses to help shape his approach. A server in his office goes out and checks for updates to Computer Associates' eTrust Antivirus software. "I pull up the console, see how many machines are online, and update them as needed," he says. The number of viruses infecting systems has shrunk. "I just know I can sleep better at night because my server is updating in the middle of the night," he says.

The onslaught of spyware fractured some of that hard-won control over potential security holes. Wallace was spending most of his time last fall trying to keep spyware off the PCs that the auto club's 95 employees use. It slowed systems to a crawl and required Wallace and his single IT staffer to wipe machines clean, reload operating systems and applications, and reset user access rights. "The biggest pain was seeing a clean machine that was fine for a month, but then experiencing problems again," he says. During a bad week, the two-person team spent about 40 hours cleaning infected machines.

Since deploying CA's Pest Patrol, Wallace has cut the time he spends on spyware to 15 minutes a week. The software detects and removes spyware, so Wallace no longer has to pull customer-service agents' systems offline to fix problems. The greatest benefit is the impact on operations: fewer outages and fewer people needing to move off their systems while working with customers, Wallace says. Other vendors with spyware-fighting products include InterMute, Microsoft, and Webroot. Symantec also offers anti-spyware software, along with antivirus and anti-spam products.

Staff training and the support of company management are crucial in fighting all these threats, analyst Oltsik says. Employees need to understand what spyware is and how to avoid it. "Users and the help desk should know what to do when a PC gets flaky, and the training should be consistent and related to benefits," he says. "Any of these efforts need to involve the whole company."

Patch Properly
Patch management is moving into the automated era, too. The amount of time an IT security pro spends patching often depends on the number of patches Microsoft issues on the second Tuesday of each month and the impact they have on a business' IT infrastructure.

Patch Tuesday didn't used to be pleasant at OMD, a media buying and planning subsidiary of Omnicom Group Inc., network administrator Ryan Hudson says. "Before, we did patches manually. We'd have to upgrade a critical patch on all 100 servers, and it took more than a week to get to them all," he says. OMD tested patches before deployment, loading them onto a test LAN before installing them on live machines.

To reduce the time and effort involved in deploying patches, OMD decided to centralize and automate the testing and installation of software fixes. It also wanted to be able to deploy fixes without having to take down systems while the patches were being applied. Earlier this year, the company tested the Altiris Management Suite for Dell Servers, which let it move ahead with many of the patch-management policies it wanted to implement, such as balancing patch-deployment timing among servers so that all departments aren't down at once. Dell sells the Altiris software as part of its systems-management suite and offers a service to help companies test and deploy patches. Many other companies, including Microsoft, sell their own products for patch management.

For Hudson, the new patching policies and technology have made Patch Tuesday much easier. "I don't have to think about patch management now," he says.

Given everything else that security pros do need to think about, that's a welcome relief.

Illustration by Steven Lyons

Continue to the sidebars:
Criminal Intent: What, Me Worry?
and Lock The Doors